Did You Fall Victim to a Ransomware Attack? Here’s What to Do


Because so many will pay to regain access to their files, ransomware has quickly become the most prominent type of malware over the past couple of years. Photo: FreshSplash/GettyImages

As the name suggests, “ransomware” is an attack that locks your computer and demands a ransom to give back your data.

While cybercriminals typically target businesses and governments — in the hopes they’ll pay big bucks to release files and perhaps avoid a public relations disaster — crooks can also extort money from regular computer users, like you and me.

Typically, you’ll sit down to use your laptop or desktop and will see an on-screen alert that states your computer has been locked, or that your files have been “encrypted.” To obtain a decryption key, you must pay up. The ransom demanded from individuals varies greatly, but is frequently between US$200 and US$400, and must be paid in virtual currency, such as Bitcoin.

(For businesses, including healthcare facilities and universities, criminals typically extort $100,000 or more in untraceable cryptocurrency — or else the obtained files will be deleted, sold, or published online to humiliate the organization.)

Because so many will pay to regain access to their files, ransomware has quickly become the most prominent type of “malware” (malicious software) over the past couple of years.


So, What to Do?


According to cybersecurity experts, the rule of thumb is not to give in.

“Don’t pay!” says Tony Anscombe, Chief Security Evangelist for ESET, a leading cybersecurity company. “Paying cybercriminals in some instances is illegal and it funds further criminal activity.”

“Plus, there is also no guarantee they will provide a decrypter,” warns Anscombe, who also authors several articles at WeLiveSecurity.com.

If you see a ransomware message, Anscombe says to isolate the computer from all other devices, disconnect it from Wi-Fi, and unplug any USB drives or external hard drives, too.

Next, try and identify the type of ransomware. On another device, “search for the exact text used in the demand … or use available tools such as Crypto Sheriff from ‘No More Ransom,’ which is an organization supported by ESET and Europol [the European Union’s law enforcement agency].”

Lastly, “search for a free decrypter, as there are many available for the common ransomware variants, plus install and run an antimalware product, such as ESET, to remove the infection…and decrypt the data,” advises Anscombe.


Alternatively, if you have a good backup that is not affected, then a good solution may be to reload the operating system and restore the backup, Scan the device with anti-malware software to ensure the infection was not dormant in the backup.



An Ounce of Prevention


The best way to fight ransomware, and other kinds of malware, is to greatly minimize your odds of being attacked to begin with. 

“Prevention is the best form of protection,” advises Anscombe.

Proactively install anti-malware cybersecurity software on all your devices — including Windows PCs, Macs and Android phones — and ensure the software is set to auto-update and don’t let it expire. Anti-malware software is usually an annual subscription.

Delete suspicious emails and text messages from your bank, Internet Services Provider (ISP), credit card company, and so on, instead of clicking on the link that takes you to a phony site asking you for personal information. These organizations will never reach out to you via email and ask you to urgently confirm your personal or financial details. And never ever click on attachments you’re not expecting.

Only download apps (programs) from trusted sources, such as the Microsoft Store (for Windows 10), the Mac App Store (for Mac users), App Store (iPhone, iPad) or Google Play for Android devices and Chromebooks.

Keep apps and operating systems fully updated, where possible set to auto-update — so you don’t have to remember to do it.

On a related note, make sure the devices you have on your network, like a wireless printer or router, are also updated with the latest software (called “firmware”). 

Anscombe says authors of ransomware also like to use pop-up windows that warn you of some kind of malware on your machine. “Don’t click on the window — instead, close it with a keyboard command (CTRL + W in Windows or + W for Mac users) or by clicking on your taskbar.



Backups Are Key, Too


You know the old adage you don’t know what you got until it’s gone so be sure to back up your important files on a regular basis in the event of a ransomware attack (or other kinds of malware), as well as theft, fire or flood, or a power surge that fries your hard drive.

It doesn’t really matter how you back up your files, as long as you do something and fairly often.

There are several inexpensive local (and offline) backup solutions, like external hard drives and solid state drives (SSDs), networked drives or USB flash drives (also known as “thumbsticks” or “jump drives”). Plug them into your PC and either manually drag and drop files onto the drive for safe keeping (using Windows Explorer or Finder for Mac users) or install free software that automatically backs up your files to an external drive every day.

Also take advantage of one of the free online “cloud” storage options, which lets you access your files securely through a password-protected app or website. Popular cloud services include OneDrive, Google Drive, iCloud, and Dropbox, to name a few.